authorDaiki Ueno <dueno@redhat.com>2017-05-22 15:31:23 +0200
committerDaiki Ueno <ueno@gnu.org>2017-05-22 15:57:52 +0200
commit8b64577c3bb4d5dd60e4939223550f2f2002284b (patch)
treed5a63bb8665388d8135d49aa5f29f15304b42cc0
parent723dfeb3dd9b8426c4c1d6236f4b22354c122dae (diff)
build: Add fuzzer using AFL
-rw-r--r--build/fuzz/main.c44
-rw-r--r--build/fuzz/rpc.in/transcriptbin0 -> 146 bytes
-rw-r--r--build/fuzz/rpc_fuzzer.c52
-rwxr-xr-xbuild/fuzz/run-afl.sh46
-rw-r--r--build/fuzz/transcriptbin0 -> 5694933 bytes
5 files changed, 142 insertions, 0 deletions
diff --git a/build/fuzz/main.c b/build/fuzz/main.c
new file mode 100644
index 0000000..6029430
--- /dev/null
+++ b/build/fuzz/main.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2017 Nikos Mavrogiannopoulos
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int main(int argc, char **argv)
+{
+ int ret;
+ unsigned char buf[64*1024];
+
+ ret = fread(buf, 1, sizeof(buf), stdin);
+ if (ret <= 0)
+ return 0;
+
+ return LLVMFuzzerTestOneInput(buf, ret);
+}
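Review bot: `ret` at line 59 is an `int` receiving the `size_t` result of `fread`, so the `ret <= 0` test at line 63 can only ever match the zero case and the call at line 66 silently converts back; giving it the right type makes the intent plain: `size_t n = fread(buf, 1, sizeof(buf), stdin); if (n == 0) return 0; return LLVMFuzzerTestOneInput(buf, n);`. A read of exactly 64 KiB is indistinguishable from a longer input being cut off, which is acceptable for a fuzz driver but deserves a comment above the buffer, e.g. `/* inputs longer than this are truncated; fuzz test cases are expected to be small */`. The license header names GnuTLS and a different author although the file drives the `p11_*` RPC code of this tree, which looks like a copy-paste artefact to confirm before merging.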
diff --git a/build/fuzz/rpc.in/transcript b/build/fuzz/rpc.in/transcript
new file mode 100644
index 0000000..c3d37db
--- /dev/null
+++ b/build/fuzz/rpc.in/transcript
Binary files differ
diff --git a/build/fuzz/rpc_fuzzer.c b/build/fuzz/rpc_fuzzer.c
new file mode 100644
index 0000000..3bef578
--- /dev/null
+++ b/build/fuzz/rpc_fuzzer.c
@@ -0,0 +1,52 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include "config.h"
+#include "test.h"
+
+#include "library.h"
+#include "mock.h"
+#include "rpc.h"
+
+#include <assert.h>
+#include <stdint.h>
+
+static p11_virtual base;
+
+#ifdef __cplusplus
+extern "C"
+#endif
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ p11_buffer buffer;
+
+ mock_module_init ();
+ p11_library_init ();
+
+ p11_buffer_init (&buffer, 0);
+
+ p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+ base.funcs.C_Initialize (&base.funcs, NULL);
+
+ p11_buffer_add (&buffer, data, size);
+ assert (!p11_buffer_failed (&buffer));
+
+ p11_rpc_server_handle (&base.funcs, &buffer, &buffer);
+
+ return 0;
+}
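Review bot: The `p11_buffer` initialised at line 120 and grown by `p11_buffer_add` at line 125 is never released, so under a persistent driver such as libFuzzer every input leaks its copy; add `p11_buffer_uninit (&buffer);` before the `return 0;` at line 130. `mock_module_init ()`, `p11_library_init ()` and `C_Initialize` at lines 117-123 are likewise rerun for every input, which is harmless for the one-input-per-process `main.c` driver but worth stating, e.g. `/* re-initialised per input: the AFL driver runs one input per process */`. Passing `&buffer` as both the request and the reply buffer to `p11_rpc_server_handle` at line 128 is presumably intentional (the reply overwrites the consumed request), but a one-line comment saying so would spare the next reader a check of the callee. The header block at lines 81-95 uses `#` line prefixes inside a C comment, apparently carried over from a non-C template.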
diff --git a/build/fuzz/run-afl.sh b/build/fuzz/run-afl.sh
new file mode 100755
index 0000000..95c6c43
--- /dev/null
+++ b/build/fuzz/run-afl.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+srcdir="${srcdir:-.}"
+export LD_LIBRARY_PATH=${srcdir}/../../lib/.libs/
+
+cat ${srcdir}/../../config.log|grep afl-gcc >/dev/null 2>&1
+if test $? != 0;then
+ echo "compile first library as:"
+ echo "CC=afl-gcc ./configure"
+ exit 1
+fi
+
+if test -z "$1";then
+ echo "Usage: $0 test-case"
+ echo "Example: $0 gnutls_x509_parser_fuzzer"
+ exit 1
+fi
+
+rm -f $1
+CFLAGS="-g -O2" CC=afl-gcc make $1 || exit 1
+
+TEST=$(echo $1|sed s/_fuzzer//)
+
+TMPOUT=${TEST}.$$.out
+mkdir -p ${TMPOUT}
+afl-fuzz -i ${TEST}.in -o ${TMPOUT} -- ./${TEST}_fuzzer
+
+echo "output was stored in $TMPOUT"
+
+exit 0
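Review bot: `rm -f $1` at line 172 and `make $1` at line 173 expand the unvalidated argument unquoted, so a name containing whitespace or glob characters is split and a name beginning with `-` is parsed as an option; use `rm -f -- "$1"` and `make "$1"`, and quote `${TMPOUT}` and `${TEST}` the same way at lines 178-179. The `cat … | grep … >/dev/null` at line 159 can be `grep -q afl-gcc "${srcdir}/../../config.log"`, which also avoids masking a missing config.log behind the `$?` test. The usage example at line 168 names `gnutls_x509_parser_fuzzer`, which does not match the `rpc_fuzzer` target added in this commit, and the header cites the GPL at line 144 but the LGPL at line 153 — both look like copy-paste leftovers to confirm.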
diff --git a/build/fuzz/transcript b/build/fuzz/transcript
new file mode 100644
index 0000000..32c786a
--- /dev/null
+++ b/build/fuzz/transcript
Binary files differ